CVE-2009-1436

EUVD-2009-1434
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
6.3
freebsdfreebsd
6.3:release_p10
freebsdfreebsd
6.4
freebsdfreebsd
6.4:release_p4
freebsdfreebsd
6.4:stable
freebsdfreebsd
7.0
freebsdfreebsd
7.0:release-p12
freebsdfreebsd
7.1
freebsdfreebsd
7.1:release-p5
freebsdfreebsd
7.2:pre-release
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756
http://osvdb.org/53918
http://secunia.com/advisories/34810
http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc
http://www.securityfocus.com/bid/34666
http://www.securitytracker.com/id?1022113
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756
http://osvdb.org/53918
http://secunia.com/advisories/34810
http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc
http://www.securityfocus.com/bid/34666
http://www.securitytracker.com/id?1022113